Technical Stuff

Start from basics

IIB – Enabling Admin Security on Web UI (File Based Authentication)

IIB – Enabling Admin Security on Web UI (File Based Authentication)
IIB – Enabling Admin Security on Web UI (File Based Authentication)
5 (100%) 1 vote

Hi Every One ! Today, we are going to discuss regarding IIB Security for authentication.

So, Lets begin !!!

IBM Integration Bus WEB User Interface allows users easy access to the Integration Node resources through a HTTP Client.For those who have a problem remembering commands WEB UI makes your task easy.

From Deploying resources to managing becomes effortless.However it is important to maintain access control to it.ADMIN security option for the WEB UI is provided.However the option is by default disabled.

There are basically two types of Authentication provided

1) File Based
2) MQ Based

Today we are going to take a look at File Based.

Note:Below steps are performed on Linux Operating System

In below scenario we will create 3 users,3 roles and the resources(here integration server) accessible to them.

User Roles Resource Accessible
ruser rRole rServer(Integration Server)
rwuser rwRole rwServer(Integration Server)
iadminuser adminRole rServer,rwServer,Server (Integration Server)

1) Create 3 users

[email protected]:~$ sudo bash

[sudo]

password for dell:

[email protected]:~# useradd -d /home/ruser ruser
[email protected]:~# useradd -d /home/rwuser rwuser
[email protected]:~# useradd -d /home/iadminuser iadminuser

2) Add the user to mqbrkrs group
[email protected]:~# usermod -G mqbrkrs ruser
[email protected]:~# usermod -G mqbrkrs rwuser
[email protected]:~# usermod -G mqbrkrs iadminuser

3) Create an Integration node.
[email protected]:~/iib-10.0.0.10$ mqsicreatebroker BABRKD01
BIP8071I: Successful command completion.

4) Start the Integration node.
[email protected]:~/iib-10.0.0.10$ mqsistart BABRKD01
BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem.

5) Create 3 integration servers.
[email protected]:~/iib-10.0.0.10$ mqsicreateexecutiongroup BABRKD01 -e rServer
BIP1124I: Creating integration server ‘rServer’ on integration node ‘BABRKD01’…
BIP1117I: The integration server was created successfully.

The integration node has initialized the integration server.

[email protected]:~/iib-10.0.0.10$ mqsicreateexecutiongroup BABRKD01 -e rwServer
BIP1124I: Creating integration server ‘rwServer’ on integration node ‘BABRKD01’…
BIP1117I: The integration server was created successfully.

The integration node has initialized the integration server.

[email protected]:~/iib-10.0.0.10$ mqsicreateexecutiongroup BABRKD01 -e Server
BIP1124I: Creating integration server ‘Server’ on integration node ‘BABRKD01’…
BIP1117I: The integration server was created successfully.

The integration node has initialized the integration server.

6) Check the administration URI using below command
[email protected]:~/iib-10.0.0.10$ mqsilist
BIP1325I: Integration node ‘BABRKD01’ with administration URI ‘http://dell-latitude-e6420:4414’ is running.

7) Check whether the WEB UI is enabled for the integration node
[email protected]:~/iib-10.0.0.10$ mqsireportproperties BABRKD01 -b webadmin -o server -a

server=”
uuid=’server’
enabled=’true’
ldapAuthenticationUri=”
sessionMaxInactiveAgeSecs=”
enableSSL=”

BIP8071I: Successful command completion.

8) If the above command gives enabled = ‘false’ as output.Enter the below command to enable the WEB UI.

[email protected]:~/iib-10.0.0.10$ mqsichangeproperties BABRKD01 -b webadmin -o server -n enabled -v true
BIP8071I: Successful command completion.

9) Stop the integration node first,to activate the file based authentication on the WEB UI.
[email protected]:~/iib-10.0.0.10$ mqsistop BABRKD01
BIP8071I: Successful command completion.

[email protected]:~/iib-10.0.0.10$ mqsichangeauthmode BABRKD01 -s active -m file
BIP8071I: Successful command completion.

10) Create a role “rRole” with read permissions.
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -r rRole -p read+
BIP8071I: Successful command completion.

11) Create a role “rwRole” with read and write permissions.
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -r rRole -p read+,write+
BIP8071I: Successful command completion.

12) Create a role “adminRole” with read,write and execute permissions.
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -r adminRole -p all+
BIP8071I: Successful command completion.

13) Assign user “ruser” with read permission on Integration Server “rServer”.
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -e rServer -r rRole -p read+
BIP8071I: Successful command completion.

14) Assign user “rwuser” with read and write permission on the integration Server “rwServer”.
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -e rwServer -r rwRole -p read+,write+
BIP8071I: Successful command completion.

15) Assign user “iadminuser” with read,write and execute permissions on all servers(rServer,rwServer and Server)
[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -e Server -r adminRole -p all+
BIP8071I: Successful command completion.

[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -e rServer -r adminRole -p all+
BIP8071I: Successful command completion.

[email protected]:~/iib-10.0.0.10$ mqsichangefileauth BABRKD01 -e rwServer -r adminRole -p all+
BIP8071I: Successful command completion.

16) Start the Integration Node
[email protected]:~/iib-10.0.0.10$ mqsistart BABRKD01
BIP8096I: Successful command initiation, check the system log to ensure that the component started without problem and that it continues to run without problem.

17) Set the password for web UI for user ruser.
[email protected]:~/iib-10.0.0.10$ mqsiwebuseradmin BABRKD01 -c -u ruser -r rRole
Enter password for user ID
Retype password for user ID.
BIP8071I: Successful command completion.

18) Set the password for web UI for user rwuser.
[email protected]:~/iib-10.0.0.10$ mqsiwebuseradmin BABRKD01 -c -u rwuser -r rwRole
Enter password for user ID
Retype password for user ID.
BIP8071I: Successful command completion.

19) Set the password for web UI for user iadminuser.
[email protected]:~/iib-10.0.0.10$ mqsiwebuseradmin BABRKD01 -c -u iadminuser -r adminRole
Enter password for user ID
Retype password for user ID.
BIP8071I: Successful command completion.

Do let me know ,how you find the blog.Was it helpful to you?So, if you like the blog.Do subscribe to get notified…!!!

Thank you!

Happy Learning !!!
If you have doubt or queries, you can definetely comment us or can mail us on [email protected]

If you have any Recommendation for future blog, You can email us on [email protected]

Top Searches :

1.      Top Linux Commands

2.      Introduction to linux.

3.      Websphere hack

4.      My Story – Jboss Hardening

5.      Installation and configuration of Apache 2.2 on Linux

Leave a Reply

%d bloggers like this: